Provider-independent crypto in Java?

I'm trying to write a program in Java that will digitally sign database entries prior to insertion. I would like for the program to be algorithm-independent - ideally, the user would specify the JCE provider and algorithm as arguments at runtime.

Is there a way to do this? I've been testing with the BouncyCastle provider, and the code runs fine when I dynamically register it:

Security.addProvider(new BouncyCastleProvider());

However, when I try to statically register the provider by adding the following lines to the end of my security/java.policy file, I get the error: java.security.NoSuchProviderException: no such provider: BC when I try to get an instance of a Security object using the provider.

security.provider.1=sun.security.provider.Sun
security.provider.2=org.bouncycastle.jce.provider.BouncyCastleProvider

Specifically, I added those lines to /etc/java-7-openjdk/security/java.policy (which is linked to $JAVA_HOME/jre/lib/security/java.policy). This is on Ubuntu 12.04. I also tried just adding the BouncyCastleProvider as the first entry and got the same error.

Am I configuring the static registration wrong or is what I am attempting impossible?

There is 1 answer

flo (best answer)

I think you are adding the static registration into the wrong file. Use security.policy instead of java.policy within the same folder.

See: https://www.bouncycastle.org/wiki/display/JA1/Provider+Installation
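
Added example, not part of the original question or answer: a signer that takes the JCE provider and algorithm at runtime, as the question describes, and on a missing provider reports the static `security.provider.N` entries the JVM actually loaded. The class and method names are hypothetical, and the defaults assume the `SunRsaSign` provider bundled with OpenJDK.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

// Hypothetical class and method names, chosen for this example.
public class ProviderIndependentSigner {

    // Look up a provider by name; if absent and a class name is given, register it via reflection.
    static Provider resolveProvider(String name, String className) throws Exception {
        Provider p = Security.getProvider(name);
        if (p == null && className != null) {
            p = (Provider) Class.forName(className).getDeclaredConstructor().newInstance();
            Security.addProvider(p);
        }
        if (p != null) return p;
        // Diagnostic: show the static security.provider.N entries this JVM actually loaded.
        StringBuilder msg = new StringBuilder("no such provider: " + name + "; static entries:");
        for (int n = 1; Security.getProperty("security.provider." + n) != null; n++)
            msg.append("\n  ").append(n).append(" = ").append(Security.getProperty("security.provider." + n));
        throw new NoSuchProviderException(msg.toString());
    }

    static byte[] sign(Provider p, String sigAlg, PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance(sigAlg, p);
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    static boolean verify(Provider p, String sigAlg, PublicKey key, byte[] data, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance(sigAlg, p);
        s.initVerify(key);
        s.update(data);
        return s.verify(sig);
    }

    // args: provider sigAlg keyAlg keySize [providerClass]; defaults use a provider bundled with OpenJDK.
    public static void main(String[] args) throws Exception {
        String provName = args.length > 0 ? args[0] : "SunRsaSign";
        String sigAlg = args.length > 1 ? args[1] : "SHA256withRSA";
        String keyAlg = args.length > 2 ? args[2] : "RSA";
        int keySize = args.length > 3 ? Integer.parseInt(args[3]) : 2048;
        Provider p = resolveProvider(provName, args.length > 4 ? args[4] : null);

        KeyPairGenerator kpg = KeyPairGenerator.getInstance(keyAlg, p);
        kpg.initialize(keySize);
        KeyPair kp = kpg.generateKeyPair();  // throwaway key for the demo; real keys come from a keystore
        byte[] row = "id=42|name=alice|balance=100".getBytes(StandardCharsets.UTF_8);  // constructed sample entry
        byte[] sig = sign(p, sigAlg, kp.getPrivate(), row);
        System.out.println(p.getName() + " " + sigAlg + " valid=" + verify(p, sigAlg, kp.getPublic(), row, sig));
    }
}
```

With the BouncyCastle jar on the classpath, passing `BC SHA256withECDSA EC 256 org.bouncycastle.jce.provider.BouncyCastleProvider` as arguments exercises the same code path without a compile-time dependency on that provider.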